A first processing environment includes: a control processing unit configured to execute control processing on a control subject; a first storage area for storing data for controlling the control subject; and a verification determination unit. A second processing environment includes: a second storage area for storing an expected value; a verification value generation unit; and a verification execution unit. The verification value generation unit generates the verification value before the control processing is stopped. The verification execution unit executes comparison processing of comparing the expected value and the verification value before the control processing is activated. When the comparison result indicates a verification success, the verification determination unit executes determination processing of determining that the control processing is to be activated, and executes determination processing of determining that activation of the control processing is to be stopped when the comparison result indicates a verification failure.
1. A control device, comprising: a first processing environment; and a second processing environment, which is isolated from the first processing environment, the first processing environment including: a control processing unit configured to execute control processing on a control subject; a first storage area for storing data to be used by the control processing unit to control the control subject; and a verification determination unit configured to determine whether the control processing is to be executed, the second processing environment including: a second storage area for storing an expected value, which is generated in advance based on the data of the first storage area; a verification value generation unit configured to generate a verification value based on the data of the first storage area; and a verification execution unit configured to verify the data of the first storage area; the second storage area being set so as to be accessible only from the second processing environment, the verification value generation unit being configured to generate the verification value before the control processing executed by the control processing unit is stopped, and store the generated verification value in the second storage area, the verification execution unit being configured to execute comparison processing of comparing the expected value and the verification value before the control processing executed by the control processing unit is activated, and transmit a comparison result indicating a verification success or a verification failure to the verification determination unit included in the first processing environment, the verification determination unit being configured to: execute, when receiving from the verification execution unit the comparison result indicating the verification success, determination processing of determining that the control processing executed by the control processing unit is to be activated; and execute, when receiving from the verification execution unit the comparison result indicating the verification failure, determination processing of determining that activation of the control processing executed by the control processing unit is to be stopped.
2. A control device according to claim 1, wherein the first processing environment further includes: an activation control unit configured to control activation and stopping of the control processing executed by the control processing unit; and a communication control unit having a communication function of communicating to and from an external device, and wherein the activation control unit: disables the communication function of the communication control unit before stopping the control processing executed by the control processing unit; and subsequently stops the control processing executed by the control processing unit after causing the verification value generation unit to generate the verification value.
3. A control device according to claim 2, wherein the first processing environment further includes a time measurement unit that notifies, as an activation instruction, that a time point to activate the control processing executed by the control processing unit is reached, and wherein the activation control unit: enables the communication function of the communication control unit when the activation instruction is received from the time measurement unit after the control processing executed by the control processing unit is stopped; and causes, when the communication control unit receives from the external device an activation request for activating the control processing executed by the control processing unit, the verification execution unit to execute the comparison processing and the verification determination unit to execute the determination processing before activating the control processing executed by the control processing unit.
4. A control device according to claim 1, wherein the verification execution unit compares a plurality of verification values generated by the verification value generation unit and a plurality of expected values stored in the second storage area, and transmits a plurality of comparison results each indicating a verification success or a verification failure for each of the plurality of verification values to the verification determination unit included in the first processing environment, and wherein the verification determination unit allows, based on the plurality of comparison results, a part of activation of the control processing executed by the control processing unit so that only control processing corresponding to a verification value for which the verification success is obtained is allowed to be executed.
5. A control device according to claim 2, wherein the verification execution unit compares a plurality of verification values generated by the verification value generation unit and a plurality of expected values stored in the second storage area, and transmits a plurality of comparison results each indicating a verification success or a verification failure for each of the plurality of verification values to the verification determination unit included in the first processing environment, and wherein the verification determination unit allows, based on the plurality of comparison results, a part of activation of the control processing executed by the control processing unit so that only control processing corresponding to a verification value for which the verification success is obtained is allowed to be executed.
6. A control device according to claim 3, wherein the verification execution unit compares a plurality of verification values generated by the verification value generation unit and a plurality of expected values stored in the second storage area, and transmits a plurality of comparison results each indicating a verification success or a verification failure for each of the plurality of verification values to the verification determination unit included in the first processing environment, and wherein the verification determination unit allows, based on the plurality of comparison results, a part of activation of the control processing executed by the control processing unit so that only control processing corresponding to a verification value for which the verification success is obtained is allowed to be executed.
7. A control method for a control device, the control device including: a first processing environment; a second processing environment, which is isolated from the first processing environment; and a control processing unit configured to control a control subject through use of data stored under the first processing environment, the control method comprising: generating a verification value based on data of a first storage area included in the first processing environment; storing the verification value in a second storage area included in the second processing environment, the generating of the verification value and the storing of the verification value being executed before control processing executed by the control processing unit is stopped; executing comparison processing of comparing an expected value generated in advance based on the data of the first storage area and the verification value; executing, when a comparison result obtained by the comparison processing indicates a verification success, determination processing of determining that the control processing executed by the control processing unit is to be activated; and executing, when a comparison result obtained by the comparison processing indicates a verification failure, determination processing of determining that activation of the control processing executed by the control processing unit is to be stopped, the executing of the comparison processing, the executing of the determination processing of determining that the control processing executed by the control processing unit is to be activated, and the executing of the determination processing of determining that the activation of the control processing executed by the control processing unit is to be stopped being executed before the control processing executed by the control processing unit is activated.
March 28, 2018
September 29, 2020